Netskope Help

Configure Business Intent Overlay Policies

Complete the following steps to configure BIO policies to associate with Netskope.

After creating the IPsec tunnels from the EdgeConnect appliance to the primary and failover POPs, create a business intent overlay (BIO) that points to those IPsec tunnels. Using access control lists (ACL), specify the applications that you want to forward to Netskope on the BIO screen.

Before creating a BIO, create ACLs on the Configuration > Template screen and apply them on the EdgeConnect appliance. Refer to the BIO and ACL online help for more information.

  1. On the Orchestrator home screen, select Configuration > Business Intent Overlays.

    The Business Intent Overlays tab opens.

    image11.jpeg

    In this example, the BIO references a CriticalApps ACL that already exists on the EdgeConnect appliance.

  2. Click any cell in the SD-WAN Traffic to Internal Subnets column. This opens the BIO edit dialog.

  3. Select the Link Bonding Policy you want to apply to your ACL.

  4. Go to the, Breakout Traffic to Internet & Cloud Services tab.

  5. Select the pencil icon next to Available Policies. The Services screen opens.

  6. For Service Name, select the name assigned to the primary POP. This service references the traffic sent to the primary POP.

  7. Click Add.

  8. For Service Name, select the name assigned to the failover POP.

  9. Click Add, and then click Save. The two services will be listed in the Available Policies section.

  10. Drag the services to the Preferred Policy Order section.

  11. In the Preferred Policy Order section, move the primary POP service above the failover POP service. By moving the primary POP to the top of the list, traffic is automatically forwarded to the primary POP.

  12. Click OK.

  13. Click Save and Apply changes to the Overlay. You have now configured a business intent overlay that points to the new IPsec VPN tunnels.

Your changes will be highlighted in the BIO table, but they have not yet been applied.